@ryansch Great alternative! UX-wise, the keybase command line is a step forward. Its output has a much clearer wording, which makes it much less fear-inducing to users who are not crypto experts.
That said, the gpg variant may still remain useful. Some users may prefer not to join Keybase, not to install their software, or not to trust yet another party in the chain.
Yes, we considered the keybase tools, but we decided that asking users to join keybase just to validate our signatures was ridiculous. GPG should suffice for most people.
@cohix: keybase actually works without logging in. But the command needs to have the keybase GUI running which isn't ideal if you use the command infrequently.
Comments
Hey @ryansch you can see those instructions in our getting started guide: https://support.1password.com/command-line-getting-started/#set-up-the-command-line-tool
Perfect! Thanks @cohix.
Any time!
@cohix
keybase pgp verify -d op.sig -i op -S 1passwordmight be an even better verification commandCool, we'll look into it :)
@ryansch Great alternative! UX-wise, the
keybasecommand line is a step forward. Its output has a much clearer wording, which makes it much less fear-inducing to users who are not crypto experts.That said, the
gpgvariant may still remain useful. Some users may prefer not to join Keybase, not to install their software, or not to trust yet another party in the chain.Yes, we considered the keybase tools, but we decided that asking users to join keybase just to validate our signatures was ridiculous. GPG should suffice for most people.
@cohix: keybase actually works without logging in. But the command needs to have the keybase GUI running which isn't ideal if you use the command infrequently.
Ah okay I understand. Thanks for the heads up.